internal/outcome: expose pipewire via pipewire-pulse

This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst. Closes #29. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-12-15 12:43:58 +09:00
parent 2e80660169
commit 54610aaddc
14 changed files with 113 additions and 77 deletions
--- a/options.md
+++ b/options.md
@@ -35,7 +35,7 @@ package


 *Default:*
-` <derivation hakurei-static-x86_64-unknown-linux-musl-0.3.1> `
+` <derivation hakurei-static-x86_64-unknown-linux-musl-0.3.2> `



@@ -73,11 +73,11 @@ null or boolean



-## environment\.hakurei\.apps\.\<name>\.enablements\.pulse
+## environment\.hakurei\.apps\.\<name>\.enablements\.pipewire



-Whether to share the PulseAudio socket and cookie\.
+Whether to share the PipeWire server via pipewire-pulse on a SecurityContext socket\.



@@ -95,7 +95,7 @@ null or boolean



-Whether to share the Wayland socket\.
+Whether to share the Wayland server via security-context-v1\.



@@ -805,7 +805,7 @@ package


 *Default:*
-` <derivation hakurei-hsu-0.3.1> `
+` <derivation hakurei-hsu-0.3.2> `